Ping a Specific Port

Question

Julian Bechtold

Asked: 2021-09-17 00:24:27 +0800 CST2021-09-17 00:24:27 +0800 CST 2021-09-17 00:24:27 +0800 CST

Event 4771 (Bad Password Logon) Does not show proper client

772

We are having issues with frequently locked out accounts.

We are having 4771 {Bad Password} events on our main DC. Issue: Within the event, the client machine is not properly shown. Instead another DC is shown as client host name:

only in rare occasions the actual client host name is shown. What could be the cause for this?

1 Answers

Voted

Semicolon · Answer 1 · 2021-09-17T05:46:25+08:00

Semicolon

2021-09-17T05:46:25+08:002021-09-17T05:46:25+08:00

What you are seeing is a logon take place at another Domain Controller, and then subsequently - as with all bad password attempts in Active Directory - the original logon server forwarding the authentication to the DC with the PDC Emulator FSMO role to double-check the password -- to ensure that there wasn't a password change that hadn't been replicated yet, as the PDCe should be notified preferentially of any password changes.

The rare occasions when an actual client host name is shown, it is because the PDCe happens to be the original logon server of that request, and does not have to check with any other DC for confirmation.

0

Event 4771 (Bad Password Logon) Does not show proper client

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?